[CYBERDIGEST]
⊞ Dashboard ⚡ Intelligence 📝 Reports 📚 Global Threats 💻 Hack Lab 🗄️ Resources ⌬ 0xJerry's Lab
📡 RSS Feed
System Online

Tag

#CVE-2026-15155

newsHIGH 8.8

CVE-2026-15155: Authenticated Account Takeover via Email Header Injection in Essential Addons for Elementor

The Essential Addons for Elementor plugin for WordPress is vulnerable to authenticated account takeover via email header injection. An attacker with Contributor-level access can inject a Bcc header into the administrator's password-reset notification email, potentially leading to full administrator account takeover. The vulnerability has a CVSS score of 8.8 and affects all versions up to 6.6.10.

Jul 12, 20261 source